[Git][security-tracker-team/security-tracker][master] Add CVE-2020-26116 tracking

Salvatore Bonaccorso carnil at debian.org
Sun Sep 27 09:41:57 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
17a7a8fe by Salvatore Bonaccorso at 2020-09-27T10:41:26+02:00
Add CVE-2020-26116 tracking

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8,7 +8,18 @@ CVE-2020-26117 (In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC be
 	NOTE: https://github.com/TigerVNC/tigervnc/commit/b30f10c681ec87720cff85d490f67098568a9cba (master)
 	NOTE: https://github.com/TigerVNC/tigervnc/commit/f029745f63ac7d22fb91639b2cb5b3ab56134d6e (master)
 CVE-2020-26116 (http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x be ...)
-	TODO: check
+	- python3.9 3.9.0~b5-1
+	- python3.8 3.8.5-1
+	- python3.7 <removed>
+	- python3.5 <removed>
+	NOTE: https://bugs.python.org/issue39603
+	NOTE: https://python-security.readthedocs.io/vuln/http-header-injection-method.html
+	NOTE: https://github.com/python/cpython/commit/8ca8a2e8fb068863c1138f07e3098478ef8be12e (master)
+	NOTE: https://github.com/python/cpython/commit/27b811057ff5e93b68798e278c88358123efdc71 (v3.9.0b5)
+	NOTE: https://github.com/python/cpython/commit/668d321476d974c4f51476b33aaca870272523bf (v3.8.5)
+	NOTE: https://github.com/python/cpython/commit/ca75fec1ed358f7324272608ca952b2d8226d11a (v3.7.9)
+	NOTE: https://github.com/python/cpython/commit/f02de961b9f19a5db0ead56305fe0057a78787ae (v3.6.12)
+	NOTE: https://github.com/python/cpython/commit/524b8de630036a29ca340bc2ae6fd6dc7dda8f40 (v3.5.10)
 CVE-2020-26115 (cPanel before 90.0.10 allows self XSS via the Cron Editor interface (S ...)
 	NOT-FOR-US: cPanel
 CVE-2020-26114 (cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17a7a8feae56f7ec196b9a4fc560c7ea7ab6e490

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17a7a8feae56f7ec196b9a4fc560c7ea7ab6e490
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200927/d83d8c36/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list